Communication Security: Web Based Services • Chapter 5  285

                    Text messaging is widely used in companies, with businesses often providing a
                 BlackBerry or other device with SMS capabilities to management, IT staff, and
                 other select personnel.While it allows these individuals to be contacted at any time,
                 it also presents security issues that are similar to Instant Messages.This includes the
                 ability to transmit sensitive information over an external (and possibly insecure)
                 system.Also, unlike IM for a computer, most devices that can download files or
                 have text messaging capabilities don’t have any kind of anti-virus protection.As
                 such, you must trust that the SMSC server or other servers providing data are
                 secure.The same applies to other services accessed through these devices. For
                 example, devices like the BlackBerry can access e-mail from Novell GroupWise,
                 providing a connection to an internal network’s e-mail system.While viruses
                 designed to attack cell phones and other devices that support text messaging are
                 almost non-existent, more can be expected as the technology improves and more
                 software is supported.


                   Cell Phone and Other Text Messaging Device Viruses
               Notes from the Underground…
                   Viruses that infected cell phones and other text messaging devices were
                   once considered urban legends. While you’d hear of one from time to
                   time, they would ultimately result in being a hoax. As software can now
                   be downloaded and installed on these devices however, the situation has
                   changed.
                        In June of 2000, the Timofonica virus was designed to send messages
                   to users of the Spanish cellular network, Telefonica. E-mail messages
                   were sent to people’s computers over the Internet, coaxing them to open
                   an attachment. Once opened, the program would send a text message to
                   randomly selected cell phones. While this was a fairly innocuous virus, it
                   was a first step toward viruses that attack cell phones.
                        As cell phones and other devices supporting text messaging became
                   more configurable and supported more software, actual viruses were
                   written to directly attack these devices. The Lasco.A virus appeared in
                   2005 with the ability to attach itself to .SIS files on devices using the
                   Symbian OS. When a user installed an infected file on their device, the
                   virus would be activated. What made the virus particularly interesting is
                   that it would send itself to any Bluetooth-enabled devices in the vicinity.
                   Other users would receive a message stating that they had received a
                   message, and ask if they would like to install the attachment. If they
                   accepted, they too would be infected, and activate the worm each time
                   their device turned on.






                                                                              www.syngress.com